Accepting request 251830 from Base:System

- Add bash-4.2-CVE-2014-6271.patch to fix CVE-2014-6271, the unexpected code execution with environment variables (bnc#896776) - Add patch bash-4.2-error-getpwd.patch which is the backport of the corrected german error message for a failing getpwd (bnc#895475) OBS-URL: https://build.opensuse.org/request/show/251830 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/bash?expand=0&rev=118
2014-09-28 17:53:46 +00:00 · 2014-09-28 17:53:46 +00:00 · 0fe4637ee1
commit 0fe4637ee1
parent 5fec065b3c e261e6e10e
4 changed files with 103 additions and 0 deletions
--- a/bash-4.2-CVE-2014-6271.patch
+++ b/bash-4.2-CVE-2014-6271.patch
@ -0,0 +1,67 @@
 diff -ur a/bash/builtins/common.h b/bash/builtins/common.h
 --- a/bash/builtins/common.h	2010-05-31 00:31:51.000000000 +0200
 +++ b/bash/builtins/common.h	2014-09-16 21:36:20.139826595 +0200
@@ -33,6 +33,8 @@
 #define SEVAL_RESETLINE	0x010
 #define SEVAL_PARSEONLY	0x020
 #define SEVAL_NOLONGJMP 0x040
 +#define SEVAL_FUNCDEF	0x080		/* only allow function definitions */
 +#define SEVAL_ONECMD	0x100		/* only allow a single command */
 /* Flags for describe_command, shared between type.def and command.def */
 #define CDESC_ALL		0x001	/* type -a */
 diff -ur a/bash/builtins/evalstring.c b/bash/builtins/evalstring.c
 --- a/bash/builtins/evalstring.c	2010-11-23 14:22:15.000000000 +0100
 +++ b/bash/builtins/evalstring.c	2014-09-16 21:36:20.139826595 +0200
@@ -261,6 +261,14 @@
 	    {
 	      struct fd_bitmap *bitmap;
 +	      if ((flags & SEVAL_FUNCDEF) && command->type != cm_function_def)
 +		{
 +		  internal_warning ("%s: ignoring function definition attempt", from_file);
 +		  should_jump_to_top_level = 0;
 +		  last_result = last_command_exit_value = EX_BADUSAGE;
 +		  break;
 +		}
 +
 	      bitmap = new_fd_bitmap (FD_BITMAP_SIZE);
 	      begin_unwind_frame ("pe_dispose");
 	      add_unwind_protect (dispose_fd_bitmap, bitmap);
@@ -321,6 +329,9 @@
 	      dispose_command (command);
 	      dispose_fd_bitmap (bitmap);
 	      discard_unwind_frame ("pe_dispose");
 +
 +	      if (flags & SEVAL_ONECMD)
 +		break;
 	    }
 	}
       else
 diff -ur a/bash/variables.c b/bash/variables.c
 --- a/bash/variables.c	2014-09-16 21:35:34.878850652 +0200
 +++ b/bash/variables.c	2014-09-16 21:37:16.221034763 +0200
@@ -347,7 +347,11 @@
 	  temp_string[char_index] = ' ';
 	  strcpy (temp_string + char_index + 1, string);
 -	  parse_and_execute (temp_string, name, SEVAL_NONINT|SEVAL_NOHIST);
 + 	  /* Don't import function names that are invalid identifiers from the
 + 	     environment, though we still allow them to be defined as shell
 + 	     variables. */
 + 	  if (legal_identifier (name))
 + 	    parse_and_execute (temp_string, name, SEVAL_NONINT|SEVAL_NOHIST|SEVAL_FUNCDEF|SEVAL_ONECMD);
 	  /* Ancient backwards compatibility.  Old versions of bash exported
 	     functions like name()=() {...} */
@@ -361,10 +365,6 @@
 	    }
 	  else
 	    report_error (_("error importing function definition for `%s'"), name);
 -
 -	  /* ( */
 -	  if (name[char_index - 1] == ')' && name[char_index - 2] == '\0')
 -	    name[char_index - 2] = '(';		/* ) */
 	}
 #if defined (ARRAY_VARS)
 #  if 0
--- a/bash-4.2-error-getpwd.patch
+++ b/bash-4.2-error-getpwd.patch
@ -0,0 +1,16 @@
 Backport of the corrected error message for a failing getpwd (bnc#895475)
 ---
 po/de.po |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 --- po/de.po
 +++ po/de.po	2014-09-15 08:46:03.482235134 +0000
@@ -267,7 +267,7 @@ msgstr "Fehler beim Ermitteln der Termin
 #: builtins/common.c:563
 #, c-format
 msgid "%s: error retrieving current directory: %s: %s\n"
 -msgstr "%s: Kann das nicht aktuelle Verzeichnis wiederfinden: %s: %s\n"
 +msgstr "%s: Kann das aktuelle Verzeichnis nicht wiederfinden: %s: %s\n"
 #: builtins/common.c:629 builtins/common.c:631
 #, c-format
--- a/bash.changes
+++ b/bash.changes
@ -1,3 +1,17 @@
 -------------------------------------------------------------------
 Thu Sep 18 12:10:17 UTC 2014 - werner@suse.de
 - Add bash-4.2-CVE-2014-6271.patch
  to fix CVE-2014-6271, the unexpected code execution with
  environment variables (bnc#896776)
 -------------------------------------------------------------------
 Mon Sep 15 08:52:13 UTC 2014 - werner@suse.de
 - Add patch bash-4.2-error-getpwd.patch
  which is the backport of the corrected german error message for
  a failing getpwd (bnc#895475)
 -------------------------------------------------------------------
 Sun Jun 29 13:24:47 UTC 2014 - schwab@linux-m68k.org
--- a/bash.spec
+++ b/bash.spec
@ -93,10 +93,14 @@ Patch27:        readline-6.2-xmalloc.dif
 Patch30:        readline-6.2-destdir.patch
 Patch31:        readline-6.2-rltrace.patch
 Patch40:        bash-4.1-bash.bashrc.dif
 # PATCH-FIX-UPSTREAM bnc#895475 -- locale de_DE.utf8 has wrong translations
 Patch41:        bash-4.2-error-getpwd.patch
 Patch42:        audit-patch
 Patch43:        audit-rl-patch
 Patch46:        man2html-no-timestamp.patch
 Patch47:        config-guess-sub-update.patch
 # PATCH-FIX-UPSTREAM bnc#895475 -- bnc#896776, CVE-2014-6271: unexpected code execution with environment variables
 Patch48:        bash-4.2-CVE-2014-6271.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 %global         _sysconfdir /etc
 %global         _incdir     %{_includedir}
@ -312,11 +316,13 @@ done
 %patch26 -p0 -b .msgdy
 %patch31 -p0 -b .tmp
 %patch40 -p0 -b .bashrc
 %patch41 -p0 -b .errgetpwd
 %if 0%suse_version >= 1100
 %patch42 -p1 -b .audit
 %endif
 %patch46 -p0 -b .notimestamp
 %patch47
 %patch48 -p2
 %patch0  -p0 -b .0
 pushd ../readline-%{rl_vers}%{extend}
 for patch in ../readline-%{rl_vers}-patches/*; do